poll was included in sys/kern/capabilities.conf with it's first revision (r219131) together with a comment: "## Allow poll(2), which will be scoped by capability rights." "## XXXRW: We don't yet do that scoping." in r224910 the poll(2) implementation for capabilities was added, but the now miss-leading XXXRW comment in capabilites.conf was left there. Given that the ppoll(2) and poll(2) implementations in sys/kern/sys_generic.c share the capability relevant code; please - add ppoll to sys/kern/capabilities.conf - remove XXXRW comment
Created attachment 198424 [details] patch to include ppoll in sys/kern/capabilities.conf
Capabilities do not appear to restrict signals at all, aside from restricting signal delivery to foreign processes (which cannot be selectively enabled). So I don't see any reason ppoll(2) cannot be treated the same as poll(2).
A commit references this bug: Author: oshogbo Date: Sun Nov 4 17:12:53 UTC 2018 New revision: 340129 URL: https://svnweb.freebsd.org/changeset/base/340129 Log: capsicum: allow ppoll(2) in capability mode We already allow to use poll(2). There is no reason to disallow ppoll(2). PR: 232495 Submitted by: Stefan Grundmann <sg2342@googlemail.com> Reviewed by: cem, oshogbo MFC after: 2 weeks Changes: head/sys/kern/capabilities.conf
A commit references this bug: Author: oshogbo Date: Tue Nov 6 18:05:46 UTC 2018 New revision: 340195 URL: https://svnweb.freebsd.org/changeset/base/340195 Log: capsicum: Add ppoll and freebsd32_ppoll to compat32. PR: 232495 Pointed out by: brooks MFC after: 2 weeks Changes: head/sys/compat/freebsd32/capabilities.conf
Thanks for working on this. The commits (early November 2018) to HEAD include a MFC of 2 weeks, but it doesn't look like they have been MFC'ed. It would be great to have these changes included in the next 12-RELEASE!
A commit references this bug: Author: brooks Date: Wed Jan 30 23:47:22 UTC 2019 New revision: 343596 URL: https://svnweb.freebsd.org/changeset/base/343596 Log: MFC r340129, r340195, r340198 r340129: capsicum: allow ppoll(2) in capability mode We already allow to use poll(2). There is no reason to disallow ppoll(2). PR: 232495 Submitted by: Stefan Grundmann <sg2342@googlemail.com> Reviewed by: cem, oshogbo r340195: capsicum: Add ppoll and freebsd32_ppoll to compat32. PR: 232495 Pointed out by: brooks r340198: Remove ppoll. freebsd32 doesn't define a ppoll syscall. Reported by: jhb Changes: _U stable/12/ stable/12/sys/compat/freebsd32/capabilities.conf stable/12/sys/kern/capabilities.conf
A commit references this bug: Author: brooks Date: Wed Jan 30 23:48:11 UTC 2019 New revision: 343597 URL: https://svnweb.freebsd.org/changeset/base/343597 Log: Regen after r343596: enable ppoll in capability mode. PR: 232495 Changes: stable/12/sys/compat/freebsd32/freebsd32_sysent.c stable/12/sys/kern/init_sysent.c
Merged to 12. It seems best not to touch 11, but we could if there's demand.